Apple patches vulnerabilities exploided by Israeli cyber arms company

Apple security is not entirely 'bulletproof', as it is commonly understood by its users. Image Source: Gizmodo

Common saying is that Apple Inc (NASDAQ: AAPL) has a flawless security system. Well, everyone should guess again. Researchers published evidence that an Israeli cyber arms organization called NSO Group is selling powerful hardware to jailbreak iPhone devices.

Jailbreaking an iPhone gives it root access, which means a third-party user can make whatever changes he or she wants in the device. The malware Pegasus can surveil and steal anything once is established in a smartphone.

It targets all the information: phone calls, messages, emails, calendar, keystroke, contacts, browse history, video and audio feeds and even the information on any app and social media, including login credentials.

Lockout, the security firm that discovered the bug stated this is the first time anyone has gotten a copy of NSO Group’s spyware and been able to reverse engineer it.

Ten days after Lookout presented the malware to Apple in a private reunion, the company fixed it with iOS update 9.3.5.

“THIS IS THE MOST SHOPHISTICATED BAD ACTOR WE HAVE EVER SEEN TARGERTING MOBILE PHONES OUT IN THE WILD,” said vice president of Lockout Mike Murray.

Pegasus spyware is ruthless

The spyware relies on three previously unknown vulnerabilities in Apple’s mobile operative system that has made it possible for governments to take victim’s phones for years. The trick is rather simple, however, the code underneath is as complex as dangerous: the phone owner must only tap a link inside text message to punch a hole in the security system of the device.

Pegasus works multiple tasks on a single click. After the victim clicks the link with the payload, the iPhone is jailbroken, and theft data software is installed to begin operating in the background.

A spokesman for NSO Group said the mobile hacking code was sold to governments, as the companies’ agreement require that the products go to the legal markets. That said, yes, a Government holds the power to breach online privacy legally.

This is why the matter brings broad concerns to the public and tech companies, as even giants as Apple are struggling against the ever-growing market of hacking tools that give any government access to digital surveillance measures.

What is the NSO Group?

Many governments don’t have a well-developed digital surveillance operation. Smaller nations often prefer not to handle their digital intelligence systems with outsiders, thus doing what everybody does: buy their software from a vendor.

Enter the shadowy NSO Group into the stage, a company with a nation state clientele that includes Mexico, Israel, and other suspected Middle-East countries.

Not much is known about the corporation. Its LinekdIn profile says it started in 2010 and had over 200 employees. Their webpage is currently down.

Computer forensics company Citizen Lab says: “One thing about NSO is that like Hacking Team and FinFisher, they represent themselves as selling lawful intercept tools exclusively to the government.”